[Forensics-changes] [yara] 36/415: Bug fix: Multi-source compilation did not handle global rules correctly
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:41 UTC 2014
bengen pushed a commit to branch debian
in repository yara.
commit eb3721492481da475d5b609b6a32e3e7f747c866
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Oct 22 20:37:31 2009 +0000
Bug fix: Multi-source compilation did not handle global rules correctly
---
libyara/ast.c | 6 ++--
libyara/ast.h | 2 +-
libyara/grammar.c | 4 +--
libyara/grammar.y | 4 +--
libyara/libyara.c | 64 ++++++++++++++++++++++++++++++++++---------
libyara/libyara.tmproj | 70 +++++++++++++++++++++++++++++------------------
libyara/yara.h | 25 +++++++++++++----
yara-python/yara-python.c | 10 ++-----
8 files changed, 123 insertions(+), 62 deletions(-)
diff --git a/libyara/ast.c b/libyara/ast.c
index 3b74dfa..bb2b97b 100644
--- a/libyara/ast.c
+++ b/libyara/ast.c
@@ -25,14 +25,14 @@ GNU General Public License for more details.
#define todigit(x) ((x) >='A'&& (x) <='F')? ((unsigned char) (x - 'A' + 10)) : ((unsigned char) (x - '0'))
-RULE* lookup_rule(RULE_LIST* rules, char* identifier, char* namespace)
+RULE* lookup_rule(RULE_LIST* rules, char* identifier, NAMESPACE* namespace)
{
RULE* rule = rules->head;
while (rule != NULL)
{
if (strcmp(rule->identifier, identifier) == 0 &&
- strcmp(rule->namespace, namespace) == 0)
+ strcmp(rule->namespace->name, namespace->name) == 0)
{
return rule;
}
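Review bot: The new comparison `strcmp(rule->namespace->name, namespace->name)` dereferences both NAMESPACE pointers and their name fields with no guard, while the only producer of these pointers, yr_create_namespace, returns NULL when yr_malloc fails and stores an unchecked strdup result in name. yr_create_context and the yara-python wrappers assign that return value straight into context->current_namespace, so an allocation failure at compile time surfaces here as a NULL dereference on the next rule declaration. The right place for the check is the producers, but a defensive `if (namespace == NULL || namespace->name == NULL) return NULL;` at the top of lookup_rule would keep this lookup safe regardless. lookup_rule's body continues past the hunk.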
@@ -112,7 +112,7 @@ int require_exe_file(TERM* term)
}
}
-int new_rule(RULE_LIST* rules, char* identifier, char* namespace, int flags, TAG* tag_list_head, STRING* string_list_head, TERM* condition)
+int new_rule(RULE_LIST* rules, char* identifier, NAMESPACE* namespace, int flags, TAG* tag_list_head, STRING* string_list_head, TERM* condition)
{
RULE* new_rule;
diff --git a/libyara/ast.h b/libyara/ast.h
index 2a91e58..e2c67cc 100644
--- a/libyara/ast.h
+++ b/libyara/ast.h
@@ -131,7 +131,7 @@ typedef struct _TERM_STRING
-int new_rule(RULE_LIST* rules, char* identifier, char* namespace, int flags, TAG* tag_list_head, STRING* string_list_head, TERM* condition);
+int new_rule(RULE_LIST* rules, char* identifier, NAMESPACE* namespace, int flags, TAG* tag_list_head, STRING* string_list_head, TERM* condition);
int new_string(YARA_CONTEXT* context, char* identifier, SIZED_STRING* charstr, int flags, STRING** string);
diff --git a/libyara/grammar.c b/libyara/grammar.c
index 45eb9db..c3f7a43 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -2507,9 +2507,7 @@ int reduce_rule_declaration( yyscan_t yyscanner,
STRING* string;
YARA_CONTEXT* context = yyget_extra(yyscanner);
- char* namespace = strdup(context->current_namespace);
-
- context->last_result = new_rule(&context->rule_list, identifier, namespace, flags, tag_list_head, string_list_head, condition);
+ context->last_result = new_rule(&context->rule_list, identifier, context->current_namespace, flags, tag_list_head, string_list_head, condition);
if (context->last_result != ERROR_SUCCESS)
{
diff --git a/libyara/grammar.y b/libyara/grammar.y
index 6a22f5f..1720ed6 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -556,9 +556,7 @@ int reduce_rule_declaration( yyscan_t yyscanner,
STRING* string;
YARA_CONTEXT* context = yyget_extra(yyscanner);
- char* namespace = strdup(context->current_namespace);
-
- context->last_result = new_rule(&context->rule_list, identifier, namespace, flags, tag_list_head, string_list_head, condition);
+ context->last_result = new_rule(&context->rule_list, identifier, context->current_namespace, flags, tag_list_head, string_list_head, condition);
if (context->last_result != ERROR_SUCCESS)
{
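Review bot: Passing `context->current_namespace` straight to new_rule means every RULE now keeps a borrowed pointer into the context's namespace list for its whole life, and nothing here checks that the pointer is non-NULL; yr_create_context and the yara-python wrappers store yr_create_namespace's result without testing it, so an earlier allocation failure reaches new_rule as a NULL namespace that lookup_rule then dereferences. A guard before the call that sets context->last_result to the library's out-of-memory code and skips new_rule would contain the failure at the point it is first visible. The same change is mirrored in the generated grammar.c, which should be regenerated rather than edited; reduce_rule_declaration continues outside the hunk.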
diff --git a/libyara/libyara.c b/libyara/libyara.c
index 0346704..96a75d9 100644
--- a/libyara/libyara.c
+++ b/libyara/libyara.c
@@ -49,8 +49,8 @@ YARA_CONTEXT* yr_create_context()
context->file_name_stack_ptr = 0;
context->current_rule_strings = NULL;
context->inside_for = 0;
-
- strcpy(context->current_namespace, "default");
+ context->namespaces = NULL;
+ context->current_namespace = yr_create_namespace(context, "default");
memset(context->hash_table.hashed_strings, 0, sizeof(context->hash_table.hashed_strings));
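Review bot: `context->current_namespace = yr_create_namespace(context, "default")` ignores the NULL that yr_create_namespace returns when yr_malloc fails, so a context can leave this function with a NULL current namespace and the first rule parsed into it dereferences that pointer in lookup_rule and new_rule. This should be treated like any other allocation failure in yr_create_context — release what has already been allocated and return NULL — e.g. `if (context->current_namespace == NULL) { yr_free(context); return NULL; }`, extended to free whatever else the function allocated before this point, which is outside the hunk.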
@@ -68,6 +68,8 @@ void yr_destroy_context(YARA_CONTEXT* context)
MATCH* next_match;
TAG* tag;
TAG* next_tag;
+ NAMESPACE* ns;
+ NAMESPACE* next_ns;
rule = context->rule_list.head;
@@ -120,16 +122,43 @@ void yr_destroy_context(YARA_CONTEXT* context)
}
free_term(rule->condition);
- yr_free(rule->identifier);
- yr_free(rule->namespace);
+ yr_free(rule->identifier);
yr_free(rule);
rule = next_rule;
}
+
+ ns = context->namespaces;
+
+ while(ns != NULL)
+ {
+ next_ns = ns->next;
+
+ yr_free(ns->name);
+ yr_free(ns);
+
+ ns = next_ns;
+ }
clear_hash_table(&context->hash_table);
yr_free(context);
}
+
+NAMESPACE* yr_create_namespace(YARA_CONTEXT* context, const char* namespace)
+{
+ NAMESPACE* ns = yr_malloc(sizeof(NAMESPACE));
+
+ if (ns != NULL)
+ {
+ ns->name = strdup(namespace);
+ ns->global_rules_satisfied = FALSE;
+ ns->next = context->namespaces;
+ context->namespaces = ns;
+ }
+
+ return ns;
+}
+
char* yr_get_current_file_name(YARA_CONTEXT* context)
{
if (context->file_name_stack_ptr > 0)
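Review bot: In yr_create_namespace the `strdup(namespace)` result is stored unchecked, so on allocation failure a NAMESPACE with a NULL name is linked into context->namespaces and later handed to strcmp in lookup_rule and to yr_free in the new cleanup loop above. That loop also pairs a libc strdup with `yr_free(ns->name)`; whether yr_malloc/yr_free are thin wrappers around malloc/free is not visible here, so allocating the copy with yr_malloc keeps the allocator pairing consistent either way. Separately, yr_create_namespace always creates a new node without looking for an existing one of the same name, so two sources compiled into the same namespace string get separate global_rules_satisfied flags: lookup_rule still catches duplicate identifiers by name, but a failed global rule in one compilation unit will not suppress the other's rules — worth confirming that is the intended semantics of the fix.
```c
NAMESPACE* yr_create_namespace(YARA_CONTEXT* context, const char* namespace)
{
    NAMESPACE* ns = yr_malloc(sizeof(NAMESPACE));

    if (ns != NULL)
    {
        /* copy with the library allocator so yr_destroy_context's yr_free matches */
        ns->name = yr_malloc(strlen(namespace) + 1);

        if (ns->name == NULL)
        {
            yr_free(ns);
            return NULL;
        }

        strcpy(ns->name, namespace);
        ns->global_rules_satisfied = FALSE;
        ns->next = context->namespaces;
        context->namespaces = ns;
    }

    return ns;
}
```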
@@ -177,6 +206,7 @@ int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, YARA_CONTEXT* c
int file_is_pe;
RULE* rule;
+ NAMESPACE* ns;
EVALUATION_CONTEXT eval_context;
if (buffer_size < 2)
@@ -233,9 +263,17 @@ int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, YARA_CONTEXT* c
rule = context->rule_list.head;
- /* evaluate global rules */
+ /* initialize global rules flag for all namespaces */
+
+ ns = context->namespaces;
+
+ while(ns != NULL)
+ {
+ ns->global_rules_satisfied = TRUE;
+ ns = ns->next;
+ }
- global_rules_satisfied = TRUE;
+ /* evaluate global rules */
while (rule != NULL)
{
@@ -249,7 +287,7 @@ int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, YARA_CONTEXT* c
}
else
{
- global_rules_satisfied = FALSE;
+ rule->namespace->global_rules_satisfied = FALSE;
}
if (!(rule->flags & RULE_FLAGS_PRIVATE))
@@ -264,18 +302,18 @@ int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, YARA_CONTEXT* c
rule = rule->next;
}
- if (!global_rules_satisfied)
- {
- return ERROR_SUCCESS;
- }
+ /* evaluate the rest of the rules rules */
rule = context->rule_list.head;
while (rule != NULL)
{
- /* skip global rules and privates rules */
+ /*
+ skip global rules, privates rules, and rules that don't need to be
+ evaluated due to some global rule unsatisfied in it's namespace
+ */
- if (rule->flags & RULE_FLAGS_GLOBAL || rule->flags & RULE_FLAGS_PRIVATE)
+ if (rule->flags & RULE_FLAGS_GLOBAL || rule->flags & RULE_FLAGS_PRIVATE || !rule->namespace->global_rules_satisfied)
{
rule = rule->next;
continue;
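Review bot: The new comment block reads `evaluate the rest of the rules rules` and `... due to some global rule unsatisfied in it's namespace`; suggested wording: `/* evaluate the remaining rules */` and `/* skip global rules, private rules, and rules in a namespace whose global rules were not all satisfied */`. The condition on the line after it tests the two flags separately; `(rule->flags & (RULE_FLAGS_GLOBAL | RULE_FLAGS_PRIVATE)) || !rule->namespace->global_rules_satisfied` says the same in one mask test and makes the precedence explicit. Dropping the early return also changes observable behaviour — a failed global rule no longer ends the scan, only its own namespace's rules — which is the intended fix but deserves a sentence in yr_scan_mem's documentation; if the `global_rules_satisfied` local declared earlier in the function is now unused, it should go too. yr_scan_mem continues outside the hunk.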
diff --git a/libyara/libyara.tmproj b/libyara/libyara.tmproj
index aaccbd5..f644a4b 100644
--- a/libyara/libyara.tmproj
+++ b/libyara/libyara.tmproj
@@ -3,7 +3,7 @@
<plist version="1.0">
<dict>
<key>currentDocument</key>
- <string>../yara.c</string>
+ <string>lex.l</string>
<key>documents</key>
<array>
<dict>
@@ -37,13 +37,15 @@
<key>filename</key>
<string>ast.c</string>
<key>lastUsed</key>
- <date>2009-10-22T12:12:19Z</date>
+ <date>2009-10-22T14:25:02Z</date>
</dict>
<dict>
<key>filename</key>
<string>lex.l</string>
<key>lastUsed</key>
- <date>2009-10-21T22:14:40Z</date>
+ <date>2009-10-22T14:32:32Z</date>
+ <key>selected</key>
+ <true/>
</dict>
<dict>
<key>filename</key>
@@ -55,9 +57,7 @@
<key>filename</key>
<string>../yara.c</string>
<key>lastUsed</key>
- <date>2009-10-22T13:00:13Z</date>
- <key>selected</key>
- <true/>
+ <date>2009-10-22T14:22:47Z</date>
</dict>
<dict>
<key>filename</key>
@@ -69,7 +69,7 @@
<key>filename</key>
<string>libyara.c</string>
<key>lastUsed</key>
- <date>2009-10-22T13:00:12Z</date>
+ <date>2009-10-22T14:23:31Z</date>
</dict>
</array>
<key>expanded</key>
@@ -84,13 +84,13 @@
<key>filename</key>
<string>yara.h</string>
<key>lastUsed</key>
- <date>2009-10-22T12:59:29Z</date>
+ <date>2009-10-22T14:24:58Z</date>
</dict>
<dict>
<key>filename</key>
<string>pefile.h</string>
<key>lastUsed</key>
- <date>2009-10-22T12:07:10Z</date>
+ <date>2009-10-22T14:25:01Z</date>
</dict>
<dict>
<key>filename</key>
@@ -120,25 +120,25 @@
<key>filename</key>
<string>sizedstr.h</string>
<key>lastUsed</key>
- <date>2009-10-22T12:59:25Z</date>
+ <date>2009-10-22T14:24:38Z</date>
</dict>
<dict>
<key>filename</key>
<string>mem.h</string>
<key>lastUsed</key>
- <date>2009-10-22T12:59:24Z</date>
+ <date>2009-10-22T14:24:36Z</date>
</dict>
<dict>
<key>filename</key>
<string>scan.h</string>
<key>lastUsed</key>
- <date>2009-10-22T12:59:23Z</date>
+ <date>2009-10-22T14:24:55Z</date>
</dict>
<dict>
<key>filename</key>
<string>lex.h</string>
<key>lastUsed</key>
- <date>2009-04-14T15:33:37Z</date>
+ <date>2009-10-22T14:32:32Z</date>
</dict>
</array>
<key>expanded</key>
@@ -156,14 +156,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>3</integer>
+ <integer>10</integer>
<key>line</key>
- <integer>81</integer>
+ <integer>202</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>107</integer>
+ <integer>472</integer>
</dict>
<key>ast.c</key>
<dict>
@@ -268,9 +268,9 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>45</integer>
+ <integer>0</integer>
<key>line</key>
- <integer>30</integer>
+ <integer>25</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
@@ -282,28 +282,44 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>26</integer>
+ <integer>0</integer>
<key>line</key>
- <integer>427</integer>
+ <integer>419</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>97</integer>
+ <integer>7</integer>
</dict>
<key>libyara.c</key>
<dict>
<key>caret</key>
<dict>
<key>column</key>
- <integer>25</integer>
+ <integer>0</integer>
<key>line</key>
- <integer>123</integer>
+ <integer>151</integer>
</dict>
+ <key>columnSelection</key>
+ <false/>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>204</integer>
+ <integer>116</integer>
+ <key>selectFrom</key>
+ <dict>
+ <key>column</key>
+ <integer>44</integer>
+ <key>line</key>
+ <integer>151</integer>
+ </dict>
+ <key>selectTo</key>
+ <dict>
+ <key>column</key>
+ <integer>0</integer>
+ <key>line</key>
+ <integer>151</integer>
+ </dict>
</dict>
<key>mem.c</key>
<dict>
@@ -438,14 +454,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>29</integer>
+ <integer>47</integer>
<key>line</key>
- <integer>202</integer>
+ <integer>228</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>166</integer>
+ <integer>184</integer>
</dict>
</dict>
<key>openDocuments</key>
diff --git a/libyara/yara.h b/libyara/yara.h
index 9192b0e..c511907 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -145,11 +145,20 @@ typedef struct _TERM
} TERM;
+typedef struct _NAMESPACE
+{
+ char* name;
+ int global_rules_satisfied;
+ struct _NAMESPACE* next;
+
+} NAMESPACE;
+
+
typedef struct _RULE
{
char* identifier;
- char* namespace;
int flags;
+ NAMESPACE* namespace;
STRING* string_list_head;
TAG* tag_list_head;
TERM* condition;
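Review bot: The new NAMESPACE struct has no comment on ownership or lifetime, which the rest of this change relies on: `name` is a heap copy freed by yr_destroy_context, `global_rules_satisfied` is reset to TRUE at the start of every yr_scan_mem call and cleared when a global rule in the namespace fails, and `next` links the context-owned list headed by YARA_CONTEXT.namespaces. Suggested, above the typedef: `/* A rule namespace. Owned by YARA_CONTEXT.namespaces and freed by yr_destroy_context; global_rules_satisfied is per-scan state maintained by yr_scan_mem. */`. The same applies to the `namespaces` and `current_namespace` fields added to YARA_CONTEXT in the next hunk: `namespaces` owns the list, while `current_namespace` and RULE.namespace are non-owning pointers into it.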
@@ -197,10 +206,12 @@ typedef struct _YARA_CONTEXT
RULE_LIST rule_list;
HASH_TABLE hash_table;
- STRING* current_rule_strings;
- int inside_for;
+
+ NAMESPACE* namespaces;
+ NAMESPACE* current_namespace;
- char current_namespace[256];
+ STRING* current_rule_strings;
+ int inside_for;
char* file_name_stack[MAX_INCLUDE_DEPTH];
int file_name_stack_ptr;
@@ -216,13 +227,17 @@ typedef struct _YARA_CONTEXT
} YARA_CONTEXT;
-RULE* lookup_rule(RULE_LIST* rules, char* identifier, char* namespace);
+RULE* lookup_rule(RULE_LIST* rules, char* identifier, NAMESPACE* namespace);
STRING* lookup_string(STRING* string_list_head, char* identifier);
TAG* lookup_tag(TAG* tag_list_head, char* identifier);
void yr_init();
+
YARA_CONTEXT* yr_create_context();
void yr_destroy_context(YARA_CONTEXT* context);
+
+NAMESPACE* yr_create_namespace(YARA_CONTEXT* context, const char* namespace);
+
char* yr_get_current_file_name(YARA_CONTEXT* context);
void yr_push_file_name(YARA_CONTEXT* context, const char* file_name);
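Review bot: The yr_create_namespace prototype says nothing about the result's ownership or failure mode, and both matter to the yara-python callers: the string is copied, the returned NAMESPACE is owned by the context and freed in yr_destroy_context (never by the caller), and NULL is returned on allocation failure. Suggested comment above the declaration: `/* Creates a namespace with a copy of the given name and links it into context->namespaces; the context owns the result. Returns NULL on allocation failure. */`.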
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index af669cb..5b31e71 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -288,9 +288,7 @@ static PyObject * Rules_new_from_file(FILE* file, const char* namespace, PyObjec
if (namespace != NULL)
{
- strncpy(context->current_namespace, namespace, sizeof(context->current_namespace) - 1);
- /* null-terminate the string even if strncpy didn't*/
- context->current_namespace[sizeof(context->current_namespace)] = '\0';
+ context->current_namespace = yr_create_namespace(context, namespace);
}
errors = yr_compile_file(file, context);
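Review bot: `context->current_namespace = yr_create_namespace(context, namespace)` replaces the valid default namespace with NULL when the allocation fails, and the yr_compile_file call right after it then dereferences that pointer in new_rule and lookup_rule; Rules_new_from_string below has the same pattern. Check the result before compiling, e.g. `if (context->current_namespace == NULL) { yr_destroy_context(context); return PyErr_NoMemory(); }`, on the assumption that this function's other error paths tear the context down the same way — those paths are outside the hunk.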
@@ -345,9 +343,7 @@ static PyObject * Rules_new_from_string(const char* string, const char* namespac
if (namespace != NULL)
{
- strncpy(context->current_namespace, namespace, sizeof(context->current_namespace) - 1);
- /* null-terminate the string even if strncpy didn't*/
- context->current_namespace[sizeof(context->current_namespace)] = '\0';
+ context->current_namespace = yr_create_namespace(context, namespace);
}
errors = yr_compile_string(string, context);
@@ -438,7 +434,7 @@ int callback(RULE* rule, unsigned char* buffer, unsigned int buffer_size, void*
string = string->next;
}
- match = Match_NEW(rule->identifier, rule->namespace, taglist, stringlist);
+ match = Match_NEW(rule->identifier, rule->namespace->name, taglist, stringlist);
if (match != NULL)
{